the NSO chief and/or senior officers had attractive twitter handles.
160 posts • joined 30 Aug 2008
and then there's NPM, which is in a whole class by itself in terms of problems.
At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.
Here's what I say when a "manager" asks me about QKD:
QKD is a popular and well known method of extracting money from gullible people -- whether it is in the form of grants, startup funding, or outright "product" purchase. In keeping with "quantum" principles, the person being diddled out of his money cannot simultaneously also *know* that he's being diddled.
More seriously, here's some excellent reading for anyone thinking QKD is actually useful: https://crypto.stackexchange.com/questions/51311/what-makes-quantum-cryptography-secure/51314#51314
That reluctance has nothing to do with google, as the phone provider.
Banks and other such entities would have a much more expensive, and possibly even confusing to many, provisioning workflow if they moved away from SMS.
If you're wondering why TOTP would be confusing, I can only say you're extrapolating from the audience of *this* site.
Also, SMS is not so bad here. There's a rule (law? not sure) that all incoming and outgoing SMSs are blocked for 24 hours on any new SIM activation. Raises the bar quite a bit for SIM jacking attacks.
I wish I could say that was entirely true.
I mean, I agree it's not religion. The various religious gatherings contributed only a little.
But it's not caste either. Wealth and power trump caste any day, yet the Chief Minister of Telangana (KCR) and his son (KTR) are covid-positive.
I can only see elections as the primary problem. I'm also basing my opinion on a couple of very recent news items (27th April; 2 days ago):
maybe 2014, or 2015, or thereabouts, TCS (my employer, Tata Consultancy Services) was "hacked" (1) the same way.
I'm really too lazy to look it up but I think that was also NetSol when that happened.
Looks like they haven't learnt any lessons or modified any of their processes to cover this!
(1) "hacked", in quotes because everyone said we got hacked and we had to go around explaining that it was actually the DNS provider that was "hacked"
to avoid elitism?
well, I'm an Indian, El Reg is Brit -- in both countries, our head of government (1) is the *Prime* Minister, not the *Master* Minister.
Can you get more elitist than "the head of the entire country"?
f-ing virtue signalling corporate jackasses...
(1) the real one, not the titular one
I have a 4 years old Samsung "J2-6" (if I remember the model number right). I just checked in the Messages app, and under "Multimedia Messages" I see "Auto retrieve" is off.
I'm pretty sure I would have done that during a permission sweep when I first got the phone, so granted, it may not be the default, but as it stands, I very much doubt this is "zero-click" for my phone.
And since I know *no one* who would send an MMS (with Whatsapp being near ubiquitous) if I did get one I would probably just delete it sight-unseen.
Now, if you can send this via Whatsapp... now that would be a story!
Implications for normal people are likely to be
- non-financial data: name, age, train travel history, phone number, email address
- financial data: minimal or not at all (IMO)
It's been ages since I booked a ticket on IRCTC, but purchases in India are almost never of the "merchant knows your credit card number and has to keep it safe" type. Most people use "Net Banking", where the merchant does not know anything. It's somewhat like how the initial authentication flow of OAuth works -- you get directed from the merchant to your bank, you login there, accept the payment, and you are then sent back to the merchant, except in this case the merchant does not even know your account number in the bank, though he does know *which* bank you went to.
I'm curious why USAA has been labelled a troll (if I connect the headline to the details correctly).
Wasn't troll supposed to denote an entity that doesn't actually use the tech themselves in some way? I.e., a "non-practicing entity".
USAA is hardly a "non-practicing entity", in fact quite the opposite.
They have not banned POTUS, as in the @POTUS twitter account.
They have banned Trump's personal account, which he has been using to further a far-right agenda while "serving" (and I use the word very loosely) as POTUS.
There **is** a significant difference between these two accounts in terms of the debate that Merkel and co have started, and I am appalled that they are not seeing this difference.
yes, I also thought the same (offline brute force).
However, it can *potentially* eliminate phishing -- but only with browser support I guess. It could even prevent "active MITM" -- the type of phishing that snarfs OTP codes also, from working.
I'll have to refresh my memory / understanding of PAKE but if it has an internal Diffie-Hellman type component triggered by the actual password, then the man in the middle cannot learn the session key.
But all this requires browser support. Without browser support -- meaning the password entry window clearly looks different -- the user would have no way to differentiate a phishing site from the normal one.
I've always been a paranoid bugger who runs the mail client in one userid, and 3 different browsers in 2 other userids.
If the malicious link appeared on a web page, it would hit a blank wall -- the userid that is running the browser won't find an email client running, and even if it starts one it's definitely not configured to do anything.
It's also fairly easy to set up this kind of separation in Linux; I imagine a lot of people may be doing similar things (if they're paranoid enough that is).
Maybe it's "proven" now, but to most sensible people with more than Fox News as a source this was kinda assumed to be true, wasn't it?
I certainly thought Assange had a direct hand in Hillary Clinton's defeat. (I don't live in the US. My impressions are formed only from various RSS feeds of normal newspapers (if they're not paywalled) and print newspapers in India).
With a government agency, "monetise" is not the main worry. It's "discriminate", "victimise", "marginalise", and several other things.
And I don't mean just "Big Brother ((C) George Orwell) Modi". I mean any government anywhere in the world, really, because that's what our world is looking like more and more.
That said, I agree with Raj in what he said about the NIC. Not sure about the other part though... sounds plausible, but then the google+apple API expressly prohibits it. What do they do that we are missing?
I've upvoted your post, because I agree with you. Mostly.
In reality though, not everyone who has "Phone Pe", "Google Pay", and similar payment apps has *internally* enabled the UPI interface, so I have several times found that what I have (the BHIM app, from NPCL -- National Payments Corp Ltd I think) does not help me pay certain merchants, and I had to resort to cash.
(I've always been a "cash" guy, always wary of digital surveillance, but my "cash preferred, Big Brother Modi stop watching what I am buying" attitude has taken a hit due to Covid-19)
So I clicked the link.
Every single one is "risk level: low" and "wild level: low".
Existence is moot if it does not propagate.
To be clear, we're not saying Linux is invincible. As someone else mentioned, Linux encompasses all the software that runs on it (at least in people's minds). The Equifax hackers who used Tomcat bugs (if memory serves me right) could easily have written it to *also* propagate, but server to server propagation of binary exploits is not that easy (other than via hacked JS that gets included in a "partner" site).
But a thriving virus ecosystem, with almost every single unmanaged computer probably hosting at least a few, likely more, viruses? Only in Windows.
title says it all.
The percentage of transmission due to documents is probably not even measurable. Currency notes are much more likely, and despite being a hard-core "cash is king" person, I can see that would be an issue, but passports, driver's licenses, and so on? Forget it... this is just the government trying to tout a service that no privacy-minded, security-minded person should even consider using.
I don't understand why your post was downvoted so many times. I was going to write pretty much what you wrote, albeit in different words.
Whether Perens was wrong or right would depend on the actual contract. After all, since payment is involved, there has to be *some* contract above and beyond the GPL (i.e., the GPL cannot be the only contract involved). As long as that contract does not impose restrictions on the software that the client *already has*, GPL is not violated anyway.
And whether Perens was right or wrong, it was clearly an *opinion*. OSS were foolish to take it to court, and got rightfully smacked down.
If you haven't pushed it to anyone yet, rebasing to fix minor issues is perfectly fine. There's no earthly reason not to clean up a commit series before pushing it to the world. In fact, a clean commit series helps the other guys understand what you did better (e.g., rather than seeing commit 9 with something that puzzles them, not realising that commit 13 has a 1-word change that resolves that puzzle with a "doh!", they see commit 9 all correct and proper, say "good", and move on to commit 10).
Rebasing something that's already pushed is, of course, very bad. But that's no reason to ban rebase completely, which -- even if this particular article does not indicate, this "Hipp" person definitely implements in his "fossil" product.
I would love to be a fly on the wall at that meeting.
If you look at his "git versus fossil" page, at https://www.fossil-scm.org/index.html/doc/trunk/www/fossil-v-git.wiki , you can see it won't be a useful conversation. Heck it might not even stay polite, though I hear the guy who wrote git is now much more mellow than in the old days ;-)
Maybe not in the interview/article referred here; I was going by my memory.
So I did some digging: here you go... "Rebase Considered Harmful" -- https://fossil-scm.org/home/doc/trunk/www/rebaseharm.md
Also, https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki#devorg very proudly (my interpretation) says "There is no rebasing mechanism in Fossil, on purpose".
Believe me, this guy is not shy about his hatred of rebase :)
Preventing rebase on a published set of commits is one thing, denying it completely in private branches -- before they're published -- is quite another.
I do recall reading about this "fossil" a few years ago, and I do remember backing off and pretty much ignoring it after that when I saw that the lack of rebase was a point of pride for that author.
There are kinder, gentler, ways to prevent rebase on a server, such as running `git config --global receive.denyNonFastForwards true`, without throwing the baby out with the bathwater and preventing its use on developer-local clones.
I know Linus himself has (supposedly, allegedly, reportedly!) mellowed, but I very much like, and agree with his famous quote about offending people: “I like offending people, because I think people who get offended should be offended.”
I don't mean (and I don't think he meant) that it should be practiced at every opportunity, but I'm sure we all know people who deserve that applied to them.